March 5, 2015

GCSB in the Pacific

The first Hager/Snowden story is up on the Herald. It shows that the GCSB is engaged in extensive surveillance in the Pacific, intercepting all network and telecommunications traffic in the area and routing it to NSA facilities in the US. (When GCSB analysts need to access the data they’ve intercepted they do so via NSA databases).

I don’t think its controversial for the GSCB to conduct operations in the Pacific. It’s our ‘sphere of influence’. There are coups in the Pacific. There’s corruption. Money-laundering, which is probably related to organised crime and could conceivably be funding terrorism. We have economic interests in the region, and despite all the rhetoric about ‘keeping us safe’, spying is frequently conducted for commercial purposes.

The problem is that almost all surveillance is now mass surveillance. Intelligence operations used to be targeted against individuals or companies or groups or governments. Now it’s just easier to spy on everyone and mine the data for targets of interest. So we’re violating the privacy of hundreds of thousands of people who live in nations that are friendly to us with no justification other than that it is technologically convenient.

The spies and politicians who enable them will bark, red-faced, that this is not mass-surveillance, because they don’t class gathering data as surveillance, only looking at it. The problem, as Snowden demonstrated, is that an awful lot of people can look at it. There are hundreds of thousands – possibly millions – of people across the five-eye countries that can access this data.

And the agencies themselves seem untrustworthy. The oversight is inadequate. Last year we found out that the head of the SIS was passing on misleading information to political staffers in the Prime Minister’s office to discredit the leader of the opposition.

These security agencies have incredible powers. They justify them on the basis that they’re ‘keeping us safe’. Nothing we know about them suggests that they do anything of the kind. Everything we do know about them involves them lying to us and abusing their powers. If we’re going to have a state that conducts mass-surveillance – and apparently we are, because we do – then it needs to be implemented and regulated properly.

As for Five-Eyes, I guess New Zealand’s attitude towards it is basically a realist/fatalist position. If there is going to be a terrifying global Orwellian mass surveillance network we might as well be members of it. That might change when the inevitable stories of its abuse surface.

A July 2009 GCSB document (scroll to end of article to see it) describes plans to move the Waihopai intelligence base to “full-take collection” – possibly the most important expansion since the station opened in 1989. Previously, according to 1990s GCSB staff, Waihopai intercepted millions of emails and phone calls from the Asia-Pacific region but retained and gave its allies only ones from specified targets. “Full-take collection” means the base now collects and retains everything it intercepts: both the content of all the messages and the “metadata” showing who is calling or emailing whom, at what times and (for mobile calls) location information showing from which cell tower the phone calls were made.

So the recent changes, since 2009, have not been from targeted to mass interception – that was already occurring – but to mass storage and access.

Sanctuary: “Old Colonel Bananarama and his merry crew of thugs won’t take these revelations well…”

According to Nicky Hager on Radio NZ National this morning, Fiji and Tonga handle communications with undersea cables, and so apparently the GCSB isn’t catching that. (See link to Morning Report interview half way down, about 1.45.) The Radio NZ text story gives Fiji as an example of a spied-on country, though. Maybe it’s only the stuff direct between Fiji and Tonga not being sucked up?

The most valuable information of all is that which people think is 100% secure. What chance this cable between Tonga and Fiji has had a little visit from our Seawolf class friend above, and the NSA is feeding it’s stuff back to us?

@Sanc: I presume that the article means Fiji is not being spied on by the GCSB, not that it’s not being spied on by anybody.

Sending in the Jimmy Carter is possible but given that Fiji is probably a low priority target for the USA and SSNs are a scarce resource, I doubt the scenario you’re imagining would happen very often, if at all.

@izogi – Fiji and Tonga also have extensive RAN networks so it’s not difficult to hoover that information up. Also, before traffic traverses a cable it will hit an aggregation switch. Same problem.

The whole undersea cable tapping thing is a bit of a red herring IMO. Technically feasible but both difficult to maintain and expensive, inasmuch as you would likely need parallel cable infrastructure – or possibly ride the same cable back to the point of origin which would be straightforward to detect – in order to get the data back to a shore based collection centre. There are far easier, well proven and less invasive ways of tapping traffic, i.e. at the switch.

@Gregor W – I believe the Americans do the tapping by attaching a storage device, the popping by at least annually to pick up the information and recharge the device. Since year old cable SIGINT is of very little use, you would expect the cable sub to come by at least bi-monthly/quarterly which would imply your comment the cost being a bit of an issue unless Fiji was regarded as important is correct.

So, this means that every New Zealander who has ever been on holiday in Tonga / Samoa / Fiji / Rarotonga / etc and has sent an email or text message or made a phone call while there, has had that communication intercepted by the GCSB and then routed to the NSA.

@ Sanc – the type of self sustained storage device you’re talking about does certainly exist, though I haven’t seen one that is pressure armoured, capable of holding peta-byte scale information or capable of sustaining operation for more than about 10 days. Saying that, low power/ultra high density storage tech has moved ahead leaps and bounds in the last decade or so there is probably no technical impediment.

RJL: Up until 2013 it was clearly illegal (especially Rarotonga: everyone there is a New Zealand citizen). Now its probably legal to collect, as the kiwi stuff is “incidentally obtained intelligence”, but illegal to retain or pass on. Sadly, I expect answers about what systems the GCSB has in place to screen out kiwi content before it gives it all to XKEYSCORE will not be forthcoming.

The subs would only be used to tap the undersea cable ( thats why they were very interested in the daily locations of the cable laying ship), I imagine there is some sort of surface vessel that would position itself above and ‘tether’ itself to hoover all the data up for the regular collections

“It’s a safe bet that those who keep telling us “those with nothing to hide have nothing to fear”, will be screaming “KGB!” if the IRD was doing the same thing as the GCSB.”

It’s funny how some things bring out the stark realities, the actual underlying political principles that govern a class, or an elite, whatever they actually espouse. I totally agree with your hypothetical example. Also keep in mind actual examples, for instance millions of extreme pro market types in the US (i.e. Govt can’t be trusted to provide you with very many goods and services at all, even public goods and services) who also advocate for the death penalty (i.e. relies on the same Govt in another domain to be so perfect at picking “winners” that it is safe to execute them).

It’s a safe bet that those who keep telling us “those with nothing to hide have nothing to fear”, will be screaming “KGB!” if the IRD was doing the same thing as the GCSB.

Topical point: I see the Minister for Customs is asking for roughly equivalent authority for her department. Can’t wait to see various talking heads explode as a result of cognitive dissonance over that one.

Also if I heard correctly this morning, she stated on RNZ that she supports extending the powers of the Police (and possibly the armed forces IIRC?) to mirror those of Customs under certain circumstances – naturally undefined – which is particularly fucking disturbing given the extremely wide powers of warrantless search and seizure available to them under parts 12 and 14 of the Customs and Excise Act.

I suspect this will only happen when one of the thousands of agency employees with access to Internet traffic gets greedy and decides to steal so much money out of bank accounts that the banking system crumples under the strain (I assume they are already stealing moderate amounts of money and it’s just being marked down to “hackers” or people being careless with their passwords).